From: Todd C. Miller Date: Fri, 25 May 2018 03:04:23 +0000 (-0600) Subject: Use arc4random for mkstemp() and insults. X-Git-Tag: SUDO_1_8_24^2~59 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=43003d29d8ac430a5f83e86d062f2d205ca99a67;p=sudo Use arc4random for mkstemp() and insults. --- diff --git a/lib/util/Makefile.in b/lib/util/Makefile.in index 8f07bce8b..e9e8113c2 100644 --- a/lib/util/Makefile.in +++ b/lib/util/Makefile.in @@ -492,8 +492,8 @@ mksiglist.lo: $(srcdir)/mksiglist.c $(incdir)/sudo_compat.h \ mksigname.lo: $(srcdir)/mksigname.c $(incdir)/sudo_compat.h \ $(srcdir)/mksigname.h $(top_builddir)/config.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/mksigname.c -mktemp.lo: $(srcdir)/mktemp.c $(incdir)/sudo_compat.h $(top_builddir)/config.h \ - $(top_builddir)/pathnames.h +mktemp.lo: $(srcdir)/mktemp.c $(incdir)/sudo_compat.h $(incdir)/sudo_rand.h \ + $(top_builddir)/config.h $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(srcdir)/mktemp.c mktemp_test.lo: $(srcdir)/regress/mktemp/mktemp_test.c \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ diff --git a/lib/util/mktemp.c b/lib/util/mktemp.c index defbd9014..4537b3ded 100644 --- a/lib/util/mktemp.c +++ b/lib/util/mktemp.c @@ -30,6 +30,11 @@ #ifdef HAVE_STDLIB_H # include #endif /* HAVE_STDLIB_H */ +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ @@ -41,6 +46,7 @@ #include #include "sudo_compat.h" +#include "sudo_rand.h" #include "pathnames.h" #define MKTEMP_FILE 1 
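Review bot: The `HAVE_STDINT_H`/`HAVE_INTTYPES_H` include block added to lib/util/mktemp.c at `@@ -30,6 +30,11 @@` is repeated verbatim in plugins/sudoers/auth/sudo_auth.c at `@@ -23,6 +23,11 @@`, where it is the only change to that file. That suggests `sudo_rand.h`, which sudo_auth.c would reach only through insults.h, uses fixed-width integer types without including the header that defines them. If so, moving the block into sudo_rand.h would make the header self-contained, so a later includer neither fails to build nor depends on include order. sudo_rand.h is not shown on this page, so this is an inference from the two hunks.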
@@ -50,80 +56,6 @@ #define NUM_CHARS (sizeof(TEMPCHARS) - 1) #define MIN_X 6 -#ifndef INT_MAX -#define INT_MAX 0x7fffffff -#endif - -#if defined(HAVE_ARC4RANDOM) -# define RAND() arc4random() -# define SEED_T unsigned int -#elif defined(HAVE_RANDOM) -# define RAND() random() -# define SRAND(_x) srandom((_x)) -# define SEED_T unsigned int -#elif defined(HAVE_LRAND48) -# define RAND() lrand48() -# define SRAND(_x) srand48((_x)) -# define SEED_T long -#else -# define RAND() rand() -# define SRAND(_x) srand((_x)) -# define SEED_T unsigned int -#endif - -static void -seed_random(void) -{ -#ifdef SRAND - struct timeval tv; - SEED_T seed; - int fd; - -# ifdef HAVE_GETENTROPY - /* Not really an fd, just has to be -1 on error. */ - fd = getentropy(&seed, sizeof(seed)); -# else - /* - * Seed from /dev/urandom if possible. - */ - fd = open(_PATH_DEV "urandom", O_RDONLY); - if (fd != -1) { - ssize_t nread; - - do { - nread = read(fd, &seed, sizeof(seed)); - } while (nread == -1 && errno == EINTR); - close(fd); - if (nread != (ssize_t)sizeof(seed)) - fd = -1; - } -# endif /* HAVE_GETENTROPY */ - /* - * If no /dev/urandom, seed from time of day and process id - * multiplied by small primes. - */ - if (fd == -1) { - (void) gettimeofday(&tv, NULL); - seed = (tv.tv_sec % 10000) * 523 + tv.tv_usec * 13 + - (getpid() % 1000) * 983; - } - SRAND(seed); -#endif -} - -static unsigned int -get_random(void) -{ - static int initialized; - - if (!initialized) { - seed_random(); - initialized = 1; - } - - return RAND() & 0xffffffff; -} - static int mktemp_internal(char *path, int slen, int mode) { @@ -153,7 +85,7 @@ mktemp_internal(char *path, int slen, int mode) do { for (cp = start; cp != ep; cp++) { - r = get_random() % NUM_CHARS; + r = arc4random_uniform(NUM_CHARS); *cp = tempchars[r]; } diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in index 352c3aff7..b8cf9720c 100644 --- a/plugins/sudoers/Makefile.in +++ b/plugins/sudoers/Makefile.in 
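Review bot: The new `r = arc4random_uniform(NUM_CHARS);` in mktemp_internal() has no comment saying where its randomness comes from, whereas the seeding code deleted in the previous hunk spelled out its sources, including the time-of-day and pid fallback. I would add above the loop: `/* Unbiased index; on systems without arc4random the sudo_rand.h replacement must be seeded from the kernel, never from time or pid. */`. Whether that replacement can fail, block or degrade when no entropy source is available is not visible on this page and should be confirmed, since the same call is also reached from the `INSULT` macro in plugins/sudoers/insults.h. Temp-file safety should still rest on the exclusive create that is presumably done elsewhere in mktemp_internal(), whose body starts and ends outside this hunk.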
@@ -1284,12 +1284,13 @@ sudo_auth.lo: $(authdir)/sudo_auth.c $(devdir)/def_data.h \ $(incdir)/sudo_conf.h $(incdir)/sudo_debug.h \ $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \ $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \ - $(incdir)/sudo_util.h $(srcdir)/defaults.h $(srcdir)/ins_2001.h \ - $(srcdir)/ins_classic.h $(srcdir)/ins_csops.h \ - $(srcdir)/ins_goons.h $(srcdir)/ins_python.h $(srcdir)/insults.h \ - $(srcdir)/logging.h $(srcdir)/parse.h $(srcdir)/sudo_nss.h \ - $(srcdir)/sudoers.h $(srcdir)/sudoers_debug.h \ - $(top_builddir)/config.h $(top_builddir)/pathnames.h + $(incdir)/sudo_rand.h $(incdir)/sudo_util.h $(srcdir)/defaults.h \ + $(srcdir)/ins_2001.h $(srcdir)/ins_classic.h \ + $(srcdir)/ins_csops.h $(srcdir)/ins_goons.h \ + $(srcdir)/ins_python.h $(srcdir)/insults.h $(srcdir)/logging.h \ + $(srcdir)/parse.h $(srcdir)/sudo_nss.h $(srcdir)/sudoers.h \ + $(srcdir)/sudoers_debug.h $(top_builddir)/config.h \ + $(top_builddir)/pathnames.h $(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(SSP_CFLAGS) $(authdir)/sudo_auth.c sudo_nss.lo: $(srcdir)/sudo_nss.c $(devdir)/def_data.h \ $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \ diff --git a/plugins/sudoers/auth/sudo_auth.c b/plugins/sudoers/auth/sudo_auth.c index 6ef9bd726..022f81efb 100644 --- a/plugins/sudoers/auth/sudo_auth.c +++ b/plugins/sudoers/auth/sudo_auth.c @@ -23,6 +23,11 @@ #include #include #include +#if defined(HAVE_STDINT_H) +# include +#elif defined(HAVE_INTTYPES_H) +# include +#endif #ifdef HAVE_STRING_H # include #endif /* HAVE_STRING_H */ diff --git a/plugins/sudoers/insults.h b/plugins/sudoers/insults.h index 58d7f9d21..cc08023fc 100644 --- a/plugins/sudoers/insults.h +++ b/plugins/sudoers/insults.h 
@@ -20,6 +20,8 @@ #if defined(HAL_INSULTS) || defined(GOONS_INSULTS) || defined(CLASSIC_INSULTS) || defined(CSOPS_INSULTS) || defined(PYTHON_INSULTS) +#include "sudo_rand.h" + /* * Use one or more set of insults as determined by configure */ @@ -58,7 +60,7 @@ char *insults[] = { /* * return a pseudo-random insult. */ -#define INSULT (insults[time(NULL) % NOFINSULTS]) +#define INSULT (insults[arc4random_uniform(NOFINSULTS)]) #endif /* HAL_INSULTS || GOONS_INSULTS || CLASSIC_INSULTS || CSOPS_INSULTS || PYTHON_INSULTS */